How Should GRC Professionals Approach Natural Disaster Risk Management?
Jon Siegler | December 28, 2018
The California forest fires dominated headlines in late 2018, killing dozens of people and causing widespread damage to property in Malibu, Paradise, Butte County, and elsewhere throughout the state.
While the final financial tally is yet to be nailed down, it’s clear that the costs will run into the billions of dollars. Indeed, wildfires increasingly look like an ongoing phenomenon in California: the three most destructive fires in state history all took place in 2017 and 2018. The economic impact to residents and businesses will be felt for a long time to come.
Of course, fires are just one variety of natural threat to human life and property. In 2017, Hurricane Harvey caused $125 billion in economic losses when it slammed into the Gulf states and Hurricane Sandy caused $70 billion in damage to the Eastern Seaboard in 2012. Most disconcerting? Assuming current climate projections are correct, hurricanes will only get more destructive as ocean temperatures rise.
In other words, natural disasters are a real, and enormously expensive, fact of life. And they aren’t going away.
If you are responsible for risk management at your organization, how do you manage the possibility that your operations could someday be affected by a hurricane, earthquake, flood, climate change, or some other natural event?
It isn’t easy. It’s natural to focus on immediate, concrete business issues ahead of incomprehensibly big, ill-defined, and unplanned events like a natural disaster. Most businesspeople recognize the importance of planning for the worst—after all, it could be the difference between survival and going out of business—but making it a priority takes conscious effort.
Where to begin? Here, we outline a framework for putting a strategy of your own in place.
1) Perform a Risk Assessment
First, you’ll want to identify your natural disaster risks—by type, severity, and chance of occurrence—as well which of your assets would be threatened. The first part of this exercise is fairly straightforward: simply list out those disasters most likely to happen in your part of the world, the frequency with which they happen, and their potential for harm. Some, such as hurricanes, will pose a much greater threat than others, such as infrequent wildfires. This will help you create a model for potential impact to life, property, and financial assets before a disaster strikes. Word to the wise: don’t neglect the less-frequent dangers—“infrequent” doesn’t mean “impossible.” Businesses up and down the Eastern Seaboard (including many hundreds of miles inland) learned this the hard way during Hurricane Sandy.
The second part can be harder, depending on the complexity of your business. You’ll not only want to consider risk to your own people and property, but those of your suppliers, customers, and other partners as well. To avoid interruptions in operations, risk teams should work to develop pre-event strategies to successfully redirect supply lines as well as identify potential emergency or backup vendors that could be available to offset any lost materials.
2) Get Insured
You’ll use your risk assessment to get insurance coverage against natural disaster risk. You wouldn’t, for instance, want to pay for hurricane insurance if you’re in the middle of the country or flood insurance if your property resides on a mountain. Talk to your agent or broker so that you know your deductibles and how they are applied to your coverages. You should know the limits and nature of your insurance, including coverage specifics. You may want to make changes to some policies, as all coverages are subject to limits and exclusions. You might also consider business interruption insurance, which offers broad coverage of lost income resulting from an insured peril. Finally, be sure to keep your insurance up-to-date and information handy in the event it’s needed.
3) Prep your plan
For all your natural disaster risks, you will want to have a plan-of-action in place that can be relied upon in the event of an emergency. This should include clear and thorough evacuation plans, communication protocols, contact lists, key asset inventories, and anything else that would be important for employees in a crisis. You’ll need to review and update this periodically as information and personnel change, and regular training exercises and drills are mandatory to make sure employees know how to carry the plans out.
Of course, there is no 100% foolproof plan that will protect your organization from every situation. Still, you can be well prepared for most emergencies, which should go a long way toward minimizing the potential loss. If your company does not yet have such a plan, you can work with insurers or agents and brokers to begin the process. There are also a number of consultants that specialize in this area.
4) Focus on Prevention
If it’s within your power to prevent or minimize harm from a natural disaster in the first place, that’s your best bet. This might include improving building resilience through storm surge protection or fireproofing, or redesigning your supply chains so your inventory stays out of harm’s way. For information assets such as financial records, important company files, and sensitive customer data, be sure to follow proper data-protection recommendations and regulations. These include off-site storage, redundancy, and regular backups.
How LogicGate Can Help
Clearly there’s a lot at stake. LogicGate’s Business Continuity Management software can help ease the burden of putting a disaster-response plan in place, so you're ready to respond quickly and effectively. The powerful platform offers one central system where you can develop and store your response plan, keep key personnel up-to-date, and equip your employees with the information they need to keep your business intact.